Connect multiple Logins to the same User #5104

Closed
vadiraja opened this issue Mar 16, 2020 · 22 comments
Labels
Auth Related to Auth components/category documentation Related to documentation feature requests

Comments

@vadiraja

**Which Category is your question related to?**
Auth

**What AWS Services are you utilizing?**
Cognito, AWS AppSync, API

**Provide additional details e.g. code snippets**
E.g. Sample code, versions of Amplify you are using
Amplify CLI - 4.12.0

```json
"amazon-cognito-identity-js": "^3.2.5",
"aws-amplify": "^2.2.6",
"aws-amplify-react-native": "^3.2.2",
"aws-appsync": "^3.0.2",
"aws-appsync-react": "^3.0.2",
"expo": "^36.0.0",
```

I am using Amplify Auth for Sign in and Sign up. I have also connected Cognito User Pools to social logins. Now the question is, if someone already signed up using username/password and then they try to use Facebook login, how do I connect both the user credentials together? Now it creates a separate account for each social login. This would be a nightmare for connecting analytics and user experience.

Can I provide a button in a profile screen for users to connect both accounts? But how do I store that in the Cognito user pool?

Any suggestions on how to handle it?

@vadiraja vadiraja added the question General question label Mar 16, 2020
@sammartinez sammartinez added the Auth Related to Auth components/category label Mar 17, 2020
@sammartinez
Contributor

@vadiraja Have you reviewed the Social Providers and Federation setup within our documentation?

@vadiraja
Author

Yes, I read it but there is no option for setting up Cognito Pool for what I am asking. If you can point me to specific section that would be helpful.

@Mersmith

Mersmith commented Jul 9, 2020

The same thing happens to me too.

When I log in normally without Facebook it creates an id. But when I log in with Facebook it creates another user id.

It is rare because I am the same user with the same email but with different id.

And when I make a call from all the users, they both leave with the same emails.

That happens to me when I log in with Facebook and Google.

It would be nice if a single user manages many login accounts. Is it possible to do that?

@tvbowersz

tvbowersz commented Oct 25, 2020

@Mersmith Not sure if this is still an issue for you, but we implemented the following solution using the pre-sign up trigger: #369 (comment)

It links the two accounts so that they share the same sub.

@Akshat0694

@tvbowersz thanks for the link to a very helpful comment. When implementing the pre-signup trigger leveraging adminLinkProviderForUser, did you encounter the following error after Lambda returned the event to Cognito: `Already+found+an+entry+for+username+xxxx_2134343141`? Moreover, did you end up having 2 users created in the User Pool which have the same "identities" and "sub" attributes or just the initially existing one with a new "identities" attribute? Would appreciate your reply.

@tvbowersz

@Akshat0694 I'm not clear on where you are saying you are receiving the `Already+found+an+entry+for+username+xxxx_2134343141` message. We did end up with 2 users created in the User Pool with the additional "identity" listed on the user. However, accessing either user returned the linked user's sub and attributes.

@barticus

barticus commented Mar 1, 2021

Hey @tvbowersz or @Akshat0694, when you did the pre-sign up trigger workaround, did you see a side effect that users cannot reset their Cognito password anymore? I may have implemented mine slightly differently (as vaguely described here #565 where I throw an exception and retry the authentication in the frontend) so we only end up with a single linked user.

@bobbyhadz

@barticus Is the user's email_verified attribute set to false? If so, when you request a password reset you will get a success response, but you won't receive an email.

Also when working with external Identity Providers the event.response.autoVerifyEmail property does not work when you set it in the pre-signup lambda trigger - #5287

The only way I know of to fix it is if you map the Cognito native attribute email_verified to the external provider's email_verified attribute.

In TS, for google oauth:

```ts
this.userPoolIdentityProviderGoogle = new cognito.UserPoolIdentityProviderGoogle(
	this,
	"userpool-identity-provider-google",
	{
		userPool: this.userPool,
		clientId: GOOGLE_CLIENT_ID,
		clientSecret: GOOGLE_CLIENT_SECRET,
		attributeMapping: {
			email: {
				attributeName: cognito.ProviderAttribute.GOOGLE_EMAIL.attributeName
			},
			// eslint-disable-next-line @typescript-eslint/ban-ts-comment
			// @ts-ignore
			emailVerified: {
				attributeName: "email_verified"
			}
		}
	}
);
```

The types in the cdk don't include the emailVerified Attribute mapping, so that's a little confusing.

Same thing but with AWS CloudFormation:

```yaml
UserPoolIdentityProvider:
  Type: AWS::Cognito::UserPoolIdentityProvider
  Properties:
    UserPoolId: !Ref CognitoUserPool
    ProviderName: Google
    ProviderDetails:
      client_id: !Ref GoogleAppId
      client_secret: !Ref GoogleAppSecret
      authorize_scopes: "profile email openid"
    ProviderType: Google
    AttributeMapping:
      email: email
      given_name: given_name
      family_name: family_name
      email_verified: email_verified
```

@barticus

barticus commented Mar 5, 2021

@bobbyhadz hey thanks for the response! Not long after posting my question I stumbled upon another thread where they mentioned adding the attribute mapping and confirmed that it all works fine with that. I did mean to come back to this thread for any future readers but forgot about it.
Much appreciated ☺️

@barticus

barticus commented Mar 5, 2021

@bobbyhadz in case it's helpful, this is the CDK I ended up with (and doesn't need a ts-ignore on it):

```ts
  attributeMapping: {
    email: {
      attributeName: 'email',
    },
    familyName: {
      attributeName: 'family_name',
    },
    givenName: {
      attributeName: 'given_name',
    },
    custom: {
      email_verified: cognito.ProviderAttribute.other(
        'email_verified'
      ),
    },
  },
}
```

Seems strange they don't have all the provider attributes listed in the Cognito console.

@bobbyhadz

@barticus did you use this with Facebook as a provider?

Just tested it with Google and it works, thanks!

I have to add Facebook oauth next, so just making sure, thank you for taking the time.

@barticus

barticus commented Mar 5, 2021

@bobbyhadz no, just with google.

With FB, just a heads up that if you're using the method where you throw an error in PreSignUp (after attaching identity details) and then retry login on the frontend, it may not work as smoothly (#565 (comment))

@tannerabread tannerabread added feature-request Request a new feature Service Team Issues asked to the Service Team labels Nov 29, 2022
@tannerabread tannerabread changed the title How to connect User and their Facebook account? Connect multiple Logins to the same User Nov 29, 2022
@tannerabread tannerabread removed the question General question label Dec 2, 2022
@tannerabread tannerabread added the Cognito Related to cognito issues label Mar 14, 2023
@abdallahshaban557
Contributor

Cognito has recently resolved an issue with linking federated users to an existing user profile in Cognito User Pools. As a result, your Amplify application can now merge user identities from 3rd party social identity providers to a Cognito user in a user pool using the Pre sign-up Lambda trigger. You can use the AdminLinkProviderForUser API from Cognito to set up custom logic to determine how your user identities get merged. To learn more about the use of this feature, you can check out the following documentation pages.

We will work on resources to share with you to explain how to integrate this feature into your Amplify app.
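
The pre sign-up linking flow discussed in this thread, as an added example that is not part of the original comments or of the sample app referenced here. It assumes a hypothetical `idp` wrapper whose `listUsers` and `adminLinkProviderForUser` methods take the corresponding Cognito request shapes and return promises; the function name, the returned decision strings and the policy of linking only when both sides report a verified email are choices made for this example.

```javascript
// Added example: pre sign-up trigger logic with the Cognito client injected
// so it runs offline. `idp` is a hypothetical wrapper whose two methods take
// the ListUsers / AdminLinkProviderForUser request shapes and return promises.
const PROVIDERS = { google: "Google", facebook: "Facebook" };

const attr = (user, name) =>
  (user.Attributes.find((a) => a.Name === name) || {}).Value;

async function linkOnPreSignUp(event, idp) {
  // Only federated first-time sign-ins are candidates for linking.
  if (event.triggerSource !== "PreSignUp_ExternalProvider") return "skipped";

  // Federated usernames look like "<provider>_<provider user id>".
  const sep = event.userName.indexOf("_");
  const provider = PROVIDERS[event.userName.slice(0, sep).toLowerCase()];
  const providerUserId = event.userName.slice(sep + 1);
  const { email, email_verified } = event.request.userAttributes;
  if (sep < 1 || !provider || !providerUserId || !email) return "skipped";

  // Requires the email_verified attribute mapping discussed in this thread.
  if (String(email_verified) !== "true") return "unverified-provider-email";

  const { Users = [] } = await idp.listUsers({
    UserPoolId: event.userPoolId,
    // Escape quotes and backslashes so the address cannot alter the filter.
    Filter: `email = "${email.replace(/(["\\])/g, "\\$1")}"`,
  });
  // Link only to one unambiguous native profile that has proven the address.
  const native = Users.filter((u) => u.UserStatus !== "EXTERNAL_PROVIDER");
  if (native.length !== 1) return "no-unique-native-user";
  if (attr(native[0], "email_verified") !== "true") return "unverified-native-email";

  await idp.adminLinkProviderForUser({
    UserPoolId: event.userPoolId,
    DestinationUser: { ProviderName: "Cognito", ProviderAttributeValue: native[0].Username },
    SourceUser: {
      ProviderName: provider,
      ProviderAttributeName: "Cognito_Subject",
      ProviderAttributeValue: providerUserId,
    },
  });
  return "linked";
}
```

In a Lambda, call this from the trigger handler with a wrapper around the AWS SDK client and return `event` afterwards, as every pre sign-up trigger must.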

@nadetastic
Member

Following up here, I can confirm that this works for both Facebook and Google, where only one user is created in the scenario where the existing user is set up with username/password and you link their social logins to it.

We are working on updating the documentation detailing these steps, but in the meantime, here is a sample app that uses the pre-signup trigger to merge accounts.

@nadetastic
Member

@barticus @bobbyhadz ^

@nadetastic nadetastic added the documentation Related to documentation feature requests label May 17, 2023
@nadetastic nadetastic self-assigned this Jun 12, 2023
@nadetastic nadetastic removed feature-request Request a new feature Cognito Related to cognito issues Service Team Issues asked to the Service Team labels Jul 11, 2023
@michelmob

Hi!
Any update here @nadetastic? I'm still trying to merge the accounts and after receiving the 200 code nothing happened.

Workarounds?

@nadetastic
Member

Hi @michelmob - have you had a chance to look at this sample code for a preSignUp lambda that will merge a user's account?

@nadetastic
Member

Closing this issue in favor of tracking the documentation improvement here

@theewl

theewl commented Feb 12, 2024

I am still getting `Merging is not currently supported, provide a SourceUser that has not been signed up in order to link` when trying to link an existing Google user with an existing email/password user (same email). Is this still expected?

@nadetastic
Member

Hi @theewl are you trying to merge two existing users?

@theewl

theewl commented Feb 13, 2024

> Hi @theewl are you trying to merge two existing users?

Correct

@hamza-najib47
Copy link

I'm trying to implement the exact same thing, except the user signs up with their phone number and password.
I want the user to be able to link their social account while they're logged in.
aws-amplify doesn't let me call the 'signInWithRedirect' function and throws an error saying 'UserAlreadyAuthenticatedException: There is already a signed in user'.
Any leads on this? How do I call the pre-sign up hook when the user's not signing up and they're already logged in?
